Implementing Security, Part I: Hardening your Windows Servers

Security cannot be found in an article, or a box on the shelf. Security is policy and process -- constantly revised, reviewed, and implemented. Starting with part 1 of this two-article series, Joseph Dries helps you develop a laundry list of basic security processes to implement on your production Windows NT and 2000 servers.

This article was excerpted from The Concise Guide to Enterprise Internetworking and Security.

When alerted to an intrusion by tinkling glass or otherwise, 1) calm yourself,
2) identify the intruder, and 3) if hostile, kill him.

—G. Gordon Liddy's Forbes column on personal security

Setting Proper Expectations

This article gives you a starting point for building a secure Internet
connection. General security could easily cover an entire book. Specific topics
in security, such as Public Key Infrastructure (PKI), IP Security for IPv4 and
IPv6 (IPSec), Virtual Private Networks (VPNs), or a specific vendor's
firewall implementation could all be (and indeed are) volumes all their own.

The goal here is to provide the absolute basics necessary to secure your
Internet connection. Additional reading will be required, depending on the
equipment you purchase and the infrastructure you build. Additional effort on
your part will be required. Security is a constant effort; the only thing
guaranteed is that you won't be 100% secure 100% of the time.

You will need to spend some time with your internal security policies.
You'll be using resources such as my earlier article, "Assessing Your
Security Needs," and RFC 2196: "The Site Security Handbook." You
should now have a good handle on the threat model as well as an idea of what
you're protecting and whom you are protecting it from. Properly defining
your threat model and internal security policies gives you a framework within
which you can begin to build and maintain your organization's
integrity.

A Basic Security Primer

These books can help you a great deal in designing and implementing your
security:

Firewalls and Internet Security: Repelling the Wily Hacker, by Bill
Cheswick and Steve Bellovin. Published by Addison Wesley. ISBN 0-201-63357-4

Building Internet Firewalls, by D. Brent Chapman and Elizabeth Zwicky.
Published by O'Reilly Books. ISBN 1-56592-124-0